RegEx data validation (server-side, not using CFFORM/CFINPUT)

Report · Mar 30, 2015

Hello, everyone,

I'm trying to use Regular Expressions on the server-side for data validation from a form. I am not using CFFORM, so will not be using the validate attribute of the CFINPUT, etc.

Basically, I've got the form being submit to the server via AJaX, and I'm using CFMatch() to check the input.

The following works (inside CFSCRIPT tags):

zipMask = "^\d{5}(-\d{4|)?$";
if(arrayLen(REmatchNoCase(zipMask,form.zipCode)) eq 0){
    return "Zip Code is not in correct format.";
    }

So, if a user enters "12345-6789", it's considered valid. If a user enters "12345&8765", it's not.

What isn't working:

coNameMask = "^[A-Za-z0-9]?$";
if(arrayLen(REmatchNoCase(coNameMask,form.companyName)) eq 0){
    return "Company Name contains illegal characters.";
    }

This will return as an error no matter what I put in the field.

Thoughts, suggestions?

V/r,

^_^

Report · Mar 30, 2015

Okay.. just ran into a real problem. Just for testing, I entered "<script>" as part of a company name, and instead of catching it, it's listing my directory (the other side of the conditional is to display nothing.)

What is <script> doing to bypass my data validation???

Thank you,

^_^

Adobe Community

RegEx data validation (server-side, not using CFFORM/CFINPUT)